MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44d8b3f07dbc58b71d97f02414ddbf0953563556884d09cdf420cca309e187ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44d8b3f07dbc58b71d97f02414ddbf0953563556884d09cdf420cca309e187ec
SHA3-384 hash: ea6c9992131717366629d0fa8009cb229d5b0d6b945633ddb8b7f3f3fe64d614645722e17fa4e96e6525ea63279df680
SHA1 hash: c81ad38df74b5c7246287ccb6f74104c9e2c3012
MD5 hash: a441d3c31b09ebd7f5e8d0daba810a1f
humanhash: washington-carolina-island-east
File name:SecuriteInfo.com.Adware.Toolbar.894.2371.25454
Download: download sample
File size:2'041'957 bytes
First seen:2022-09-15 21:58:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'450 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 49152:5aQge4z+kvwqFQB5HzR38ysUgDvLONHFyV64AJM:Qt6LqF2HCvDTYHo4M
Threatray 148 similar samples on MalwareBazaar
TLSH T16F95331275A3E4BEC5B1DFF43F9E82909572BD327DBA1402395C6BAC2B31264F506326
TrID 75.1% (.EXE) Inno Setup installer (109740/4/30)
9.7% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.0% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
379
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Adware.Toolbar.894.2371.25454
Verdict:
Malicious activity
Analysis date:
2022-09-16 06:38:13 UTC
Tags:
installer
Link:
https://app.any.run/tasks/d630d35f-ec1c-4a67-8d48-d74f68be9e25

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/310351/
Detection(s):
SecuriteInfo.com.Adware.Toolbar.894.2371.25454.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/37760/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6323a0297d0be8881fbd7c47/reports/8a9f5f15-ae2d-44ad-997a-5ae8a2f991a5/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fd20c23d-4669-469c-98bc-fa4f4488af12
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
spyw
Score:
32 / 100
Link:
https://www.joesandbox.com/analysis/1071275
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 703817 Sample: SecuriteInfo.com.Adware.Too... Startdate: 15/09/2022 Architecture: WINDOWS Score: 32 51 www.google.com 2->51 53 www.glorylogic.com 2->53 55 2 other IPs or domains 2->55 69 Multi AV Scanner detection for dropped file 2->69 71 Multi AV Scanner detection for submitted file 2->71 10 SecuriteInfo.com.Adware.Toolbar.894.2371.25454.exe 2 2->10         started        signatures3 process4 file5 29 SecuriteInfo.com.A....894.2371.25454.tmp, PE32 10->29 dropped 73 Obfuscated command line found 10->73 14 SecuriteInfo.com.Adware.Toolbar.894.2371.25454.tmp 23 22 10->14         started        signatures6 process7 file8 31 C:\Users\user\AppData\Local\...\_shfoldr.dll, PE32 14->31 dropped 33 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 14->33 dropped 35 C:\Users\user\AppData\Local\...\_RegDLL.tmp, PE32 14->35 dropped 37 6 other files (none is malicious) 14->37 dropped 17 ApnStub.exe 16 14->17         started        21 ImageTuner.exe 1 20 14->21         started        process9 dnsIp10 39 tbapi.search.ask.com 34.102.132.13, 49731, 80 GOOGLEUS United States 17->39 41 img.apnanalytics.com 34.117.224.112, 49732, 80 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 17->41 49 2 other IPs or domains 17->49 65 Multi AV Scanner detection for dropped file 17->65 67 Tries to harvest and steal browser information (history, passwords, etc) 17->67 43 glorylogic.com 208.100.40.6, 443, 49742, 49743 STEADFASTUS United States 21->43 45 192.168.2.1 unknown unknown 21->45 47 www.glorylogic.com 21->47 23 chrome.exe 15 21->23         started        signatures11 process12 dnsIp13 57 239.255.255.250 unknown Reserved 23->57 26 chrome.exe 23->26         started        process14 dnsIp15 59 pagead46.l.doubleclick.net 142.250.180.130, 443, 49774 GOOGLEUS United States 26->59 61 clients.l.google.com 142.250.180.142, 443, 49754 GOOGLEUS United States 26->61 63 11 other IPs or domains 26->63
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/44d8b3f07dbc58b71d97f02414ddbf0953563556884d09cdf420cca309e187ec/
Threat name:
Win32.PUA.AskToolbar
Create hunting rule
Status:
Malicious
First seen:
2013-01-20 08:42:00 UTC
File Type:
PE (Exe)
Extracted files:
317
AV detection:
7 of 41 (17.07%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=itmlh4d5xrmlohmx6asbjxn7bfjvmnkwrbgqttpuedgkgcpbq7wa._file
Verdict:
suspicious
Similar samples:
080b7ef0046b6b9f7b805dc02b796f0bb1a24de16c08af48bd3753324eb3426f
0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98
40c4d06433a2db2e570b3302e01c5c2ebe51efb59473a5b08cb132ab6af8638b
5a6638b1edca711c107d707ee79dd3fd3065b4ba7a799c8cd85dae089a6dcff9
6aa0d341cee633c2783960687c79d951bf270924df527ac4a99b6bfabf28d4ae
98b468e708f22b86af58c0b3157bef6a94e15505170668e4046817edaca31e70
a412840c44db8bca039ce13176d7d6b9be9b2cbd1ef81eb85cd2f0c9180f6511
fc45728dcdf75985369c218c0386d8b5e3e49fcbce67bf41c02ba31c01300b0a
+ 138 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/220915-1v2s5shhbj/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/3f17bd51-62c0-4c9f-9db8-b20fec9cbe01
Unpacked files
SH256 hash:
675fd0700f88c2724497f1498d5400c982c4cf0b2c54db8932ce9222991a5ed3
MD5 hash:
73ddb910e447e8bee6f92906e140c768
SHA1 hash:
a629df4679b17edb4b5c0239de0439adc9c47515
Link:
https://www.unpac.me/results/f4b1124d-c795-4b4e-b323-0d16acb613e0/
SH256 hash:
6d26ebda5c50f2a2ca0fb8e211d42ba28046f4e1c01e66b0e63a1bdc49ddc73f
MD5 hash:
b10ab86198793e4e7ffcab12cc57ecae
SHA1 hash:
940e2a3b7b2996a1df687f3366d1277eb55ad0dd
Link:
https://www.unpac.me/results/f4b1124d-c795-4b4e-b323-0d16acb613e0/
SH256 hash:
1ee0d65dc5df4f73370aa7465e131d26a74cfae0f47628354f0fc9ad7318ae45
MD5 hash:
d4c666fd24f5b356c6eb14f477edb085
SHA1 hash:
bce3fcc8b436cb609e09f6f41a2ab366900c05d8
Link:
https://www.unpac.me/results/f4b1124d-c795-4b4e-b323-0d16acb613e0/
SH256 hash:
44d8b3f07dbc58b71d97f02414ddbf0953563556884d09cdf420cca309e187ec
MD5 hash:
a441d3c31b09ebd7f5e8d0daba810a1f
SHA1 hash:
c81ad38df74b5c7246287ccb6f74104c9e2c3012
Link:
https://www.unpac.me/results/f4b1124d-c795-4b4e-b323-0d16acb613e0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/44d8b3f07dbc58b71d97f02414ddbf0953563556884d09cdf420cca309e187ec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/310351/

Comments